authorMicah Anderson <micah@riseup.net>2022-11-18 15:58:27 -0500
committerMicah Anderson <micah@riseup.net>2022-12-02 12:54:55 -0500
commit0e1c371b136ca587cef76aee46de17e468f73705 (patch)
treea7ecfa2e68be3b7b53e4fec6c30fc0822a47ee9d
parentd25723bc19fb295001c43945e9ec3726042e206f (diff)
kresd: Update config template for control path, cache, keys
- Set distinct cache and control path locations. Persisting the control sockets was causing errors when the container experienced unclean shutdowns. Placing them under `/run` will cause the orphaned sockets to be cleaned up properly in this scenario.
- Explicitly set the location of the cache directory.
- Explicitly set the location of the TA root.keys file, and make this file something that can be updated dynamically by kresd (requires the newer container that adds the dependencies on lua-socket).
-rw-r--r--config/roles/kresd/templates/kresd.conf.j219
1 files changed, 19 insertions, 0 deletions
diff --git a/config/roles/kresd/templates/kresd.conf.j2 b/config/roles/kresd/templates/kresd.conf.j2
index 99e41b8..3b04e88 100644
--- a/config/roles/kresd/templates/kresd.conf.j2
+++ b/config/roles/kresd/templates/kresd.conf.j2
@@ -1,3 +1,21 @@
+local ffi = require('ffi')
+local id = os.getenv('SYSTEMD_INSTANCE')
+if not id then
+ log_warn(ffi.C.LOG_GRP_SYSTEM, 'environment variable $SYSTEMD_INSTANCE not set')
+else
+ -- Bind to control socket in run_dir
+ worker.control_path = '/run/control/'
+ local path = worker.control_path..id
+ local ok, err = pcall(net.listen, path, nil, { kind = 'control' })
+ if not ok then
+ log_warn(ffi.C.LOG_GRP_NETWORK, 'bind to '..path..' failed '..err)
+ end
+end
+
+-- Set cache location
+rawset(cache, 'current_storage', 'lmdb:///var/cache/knot-resolver')
+
+
net.listen('10.41.0.1', 53, { kind = 'dns' })
net.listen('10.42.0.1', 53, { kind = 'dns' })
{% if openvpn_udp_network6 is defined and openvpn_udp_network6|length %}
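Review bot: `worker.control_path = '/run/control/'` is assigned only inside the `else` branch, so when `SYSTEMD_INSTANCE` is unset the template logs a warning and leaves the control path at its default, and the move to `/run` described in the commit message does not take effect. If the container does not export that variable, assign the path before the `if not id then` test so that a control socket kresd may bind on its own also lands under `/run`. The control socket accepts commands for the running resolver, so `/run/control/` should be created with ownership and a mode that limit access to the kresd user; the directory is not created in this template, and a comment above the assignment naming the task or image that provides it would help. The `err` concatenated in the `log_warn` call is assumed to be a string; writing `tostring(err)` there keeps the warning itself from raising.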
@@ -13,4 +31,5 @@ modules = {
cache.size = 400 * MB
+trust_anchors.add_file('/etc/knot-resolver/root.keys', false)
http.config({ geoip = '/var/lib/GeoIP/GeoLite2-Country.mmdb', })